The fixes from 980574 including the patch from Zbigniew Jędrzejewski-Szmek need to be applied to git-daemon in RHEL 7 Optional. Without them, git-daemon currently doesn't even start from systemd.
+++ This bug was initially created as a clone of Bug #980574 +++
Description of problem:
Using the systemd unit files for git-daemon, the git service fails to start on connections to port 9418. This is because "Accept=true" in the .socket file expects a template unit for the service file, so this can be fixed by renaming git.service to git@.service.
Version-Release number of selected component (if applicable):
git-daemon-1.8.3.1-1.fc19.x86_64
How reproducible:
Always
Steps to Reproduce:
1. systemctl enable git.socket
2. Connect to 9418
Actual results:
git.socket failed to queue service startup job (Maybe the service file is missing or not a template unit?): Invalid argument
Additional info:
It would also be helpful to add a - to the ExecStart command in the .service to prevent non-zero exit statuses from tripping things up.
Attached a patch that renames git.service and adds a - to ExecStart.
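The mismatch described in this report can be checked mechanically. The script below is an added example, not part of the original report or of the git package: it scans a unit directory for `.socket` files with `Accept=` enabled and reports whether the matching template `name@.service` exists. The function names and the sample unit contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: lint a unit directory for the Accept=/template-unit mismatch.

# Return 0 if the .socket file enables Accept= (last assignment wins).
socket_accepts() {
    local val
    val=$(sed -n 's/^[[:space:]]*Accept[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1 |
          tr '[:upper:]' '[:lower:]' | tr -d '[:space:]')
    case "$val" in
        1|y|yes|t|true|on) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one verdict line per .socket unit in directory $1; return 1 if any is broken.
check_socket_units() {
    local dir=$1 sock base rc=0
    for sock in "$dir"/*.socket; do
        [ -e "$sock" ] || continue
        base=$(basename "$sock" .socket)
        if socket_accepts "$sock"; then
            if [ -e "$dir/$base@.service" ]; then
                echo "OK      $base.socket -> $base@.service"
            elif [ -e "$dir/$base.service" ]; then
                echo "BROKEN  $base.socket: Accept=true needs $base@.service, found $base.service"
                rc=1
            else
                echo "BROKEN  $base.socket: Accept=true needs $base@.service, none found"
                rc=1
            fi
        else
            echo "SKIP    $base.socket: Accept is not enabled"
        fi
    done
    return "$rc"
}

# Constructed sample: the layout from this report, before and after the rename.
demo() {
    local d
    d=$(mktemp -d)
    printf '[Socket]\nListenStream=9418\nAccept=true\n' > "$d/git.socket"
    printf '[Service]\nExecStart=/bin/true\n' > "$d/git.service"
    check_socket_units "$d" || true
    mv "$d/git.service" "$d/git@.service"
    check_socket_units "$d"
    rm -rf "$d"
}
demo
```

Point `check_socket_units` at a package's staged unit directory during a build to catch the mismatch before it ships.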
--- Additional comment from Will Woods on 2013-09-09 14:15:17 EDT ---
Note that this alone won't fix the git service, since access to the port appears to be blocked by current SELinux policy:
type=AVC msg=audit(1378750077.318:169825): avc: denied { name_bind } for pid=1 comm="systemd" src=9418 scontext=system_u:system_r:git_system_t:s0 tcontext=system_u:object_r:git_port_t:s0 tclass=tcp_socket
I feel like git_system_t should be allowed to access git_port_t, but maybe my labeling is off somewhere..
--- Additional comment from David Shea on 2013-11-25 14:18:48 EST ---
For what it's worth, on a fresh F20 system with my patch applied, I don't get a selinux denial for the port, but I can't get it to be able to read my home directory without mucking around with the policy (see bug 1034412)
--- Additional comment from Zbigniew Jędrzejewski-Szmek on 2014-05-26 12:23:00 EDT ---
Ping?
--- Additional comment from Pierre-YvesChibon on 2014-08-07 07:52:02 EDT ---
Ping ?
@Chris, if you do not have the time, I can push the file name change and just rebuild the package.
Having a git-daemon working on F21, rawhide would be nice :)
--- Additional comment from Pierre-YvesChibon on 2014-08-26 06:42:19 EDT ---
ping?
--- Additional comment from Chris Wright on 2014-08-29 01:01:55 EDT ---
looks fine, resetting to default owner
--- Additional comment from Pierre-YvesChibon on 2014-09-08 03:33:53 EDT ---
Chris, shall I do it, or are you doing it?
--- Additional comment from Pierre-YvesChibon on 2014-10-24 07:15:30 EDT ---
--- Additional comment from Pierre-YvesChibon on 2014-10-24 07:17:46 EDT ---
I attached to this ticket a git format-patch to apply on master and fixing this bug (based on the patch from David Shea).
I will push it in a few days if I do not hear anything against it :)
Cheers!
--- Additional comment from Jitka Plesnikova on 2014-10-24 08:21:06 EDT ---
Why did you assign the BZ to me? I am not maintainer of git.
--- Additional comment from Pierre-YvesChibon on 2014-10-24 10:44:52 EDT ---
Because you're the last one that touched the git spec since July and Chris Wright who is the default assignee in bugzilla did not touch it since:
> git.spec:* Fri Mar 30 2007 Chris Wright <chrisw> 1.5.0.6-1
I'm happy to pass the bug along, I'm just trying to get someone's attention to my patch to see if I should push it or not :)
--- Additional comment from Zbigniew Jędrzejewski-Szmek on 2014-10-24 11:29:02 EDT ---
pingou, please push it, but apply the following fixup:
--- /usr/lib/systemd/system/git@.service 2014-09-08 04:44:45.000000000 -0400
+++ /etc/systemd/system/git@.service 2014-10-24 11:25:59.303000000 -0400
@@ -1,9 +1,8 @@
[Unit]
Description=Git Repositories Server Daemon
Documentation=man:git-daemon(1)
-Wants=git.socket
[Service]
User=nobody
-ExecStart=/usr/libexec/git-core/git-daemon --base-path=/var/lib/git --export-all --user-path=public_git --syslog --inetd --verbose
+ExecStart=-/usr/libexec/git-core/git-daemon --base-path=/var/lib/git --export-all --user-path=public_git --syslog --inetd --verbose
StandardInput=socket
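Review bot: the `-` prefix on the new ExecStart line makes systemd ignore every non-zero exit from git-daemon, so a genuine failure of the daemon no longer marks the instance unit as failed and is visible only through the --syslog output. Please add a comment line above ExecStart in the unit saying the prefix is there so that failed connections do not leave instance units behind, and that real errors have to be looked for in the log. The removal of Wants=git.socket also deserves a sentence in the commit message, since the hunk itself gives no reason for it.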
(Wants is not needed, and without the "-" all failed connections would leave the instance units hanging around.)
--- Additional comment from Pierre-YvesChibon on 2014-10-24 11:53:29 EDT ---
Adjusted and pushed, thanks!
Does anybody mind if I cherry-pick it in F21 and F20 to fix git-daemon?
--- Additional comment from Fedora Update System on 2014-10-28 06:20:58 EDT ---
git-1.9.3-2.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/git-1.9.3-2.fc20
--- Additional comment from Fedora Update System on 2014-10-28 06:21:06 EDT ---
git-2.1.0-2.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/git-2.1.0-2.fc21
--- Additional comment from Fedora Update System on 2014-10-29 07:04:41 EDT ---
Package git-1.9.3-2.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing git-1.9.3-2.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-13885/git-1.9.3-2.fc20
then log in and leave karma (feedback).
--- Additional comment from Fedora Update System on 2014-11-04 22:58:32 EST ---
git-1.9.3-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
--- Additional comment from Fedora Update System on 2014-11-10 01:51:46 EST ---
git-2.1.0-2.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.